RIPEMD

The original RIPEMD function was designed in the framework of the EU project RIPE (RACE Integrity Primitives Evaluation) in 1992. Its design was based on the MD4 hash function. In 1996, in response to security weaknesses found in the original RIPEMD, Hans Dobbertin, Antoon Bosselaers and Bart Preneel at the COSIC research group at the Katholieke Universiteit Leuven in Leuven, Belgium published four strengthened variants: RIPEMD-128, RIPEMD-160, RIPEMD-256, and RIPEMD-320. In August 2004, a collision was reported for the original RIPEMD. This does not apply to RIPEMD-160. In 2019, the best collision attack for RIPEMD-160 could reach 34 rounds out of 80 rounds, which was published at CRYPTO 2019. In February 2023, a collision attack for RIPEMD-160 was published at EUROCRYPT 2023, which could reach 36 rounds out of 80 rounds with time complexity of 264.5. In December 2023, an improved collision attack was found based on the technique from the previous best collision attack, this improved collision attack could reach 40 rounds out of 80 round with a theoretical time complexity of 249.9. ==RIPEMD-160 hashes==

The 160-bit RIPEMD-160 hashes (also termed RIPE message digests) are typically represented as 40-digit hexadecimal numbers. The following demonstrates a 43-byte ASCII input and the corresponding RIPEMD-160 hash: RIPEMD-160("The quick brown fox jumps over the lazy og") = 37f332f68db77bd9d7edd4969571ad671cf9dd3b RIPEMD-160 behaves with the desired avalanche effect of cryptographic hash functions (small changes, e.g. changing to , result in a completely different hash): RIPEMD-160("The quick brown fox jumps over the lazy og") = 132072df690933835eb8b6ad0b77e7b6f14acad7 The hash of a zero-length string is: RIPEMD-160("") = 9c1185a5c5e9fc54612808977ee8f548b2258d31 == Implementations ==

Below is a list of cryptography libraries that support RIPEMD (specifically RIPEMD-160): • Botan • Bouncy Castle • Cryptlib • Crypto++ • Libgcrypt • mbed TLS • Nettle • OpenSSL • wolfSSL ==See also==